At present, user equipments (such as mobile phones) have been widely used, greatly facilitating people's life. A user equipment may directly establish a communication connection to a base station, to perform communication and provide a user with rich communication experience using a data transmission service provided by a network. In some application scenarios, if user equipment moves from a cell of a base station to a cell of a current base station, a network connection of the user equipment needs to be handed over from the original base station to the current base station before communication can continue to be maintained.
For a future mobile communication architecture (such as a fifth generation (5G) communications system), a network also needs to satisfy a handover requirement of a user equipment. Currently, in an existing 3rd Generation Partnership Project (3GPP) standard for mobile communication, an SA2 architecture group has proposed a rough architecture of a 5G network. In this architecture, an access management function (AMF) of a core network is usually deployed in a location relatively close to a base station. Therefore, when a user equipment hands over between base stations for communication, an inter-AMF handover may also be performed.
However, a current communication security implementation method (e.g., an Extensible Authentication Protocol (EAP) method) is not applicable to security protection for inter-AMF handovers in a 5G network. Therefore, how to establish a security mechanism based on a future mobile communication architecture becomes a problem that currently needs to be urgently resolved.